Max Görner

Reputation: 836

Allow ingress and egress for one container in docker-compose setup

I want to set up Paperless-ngx on a VM that has no IPv4 address. My old setup on a Raspberry Pi at home worked flawlessly. It was able to fetch emails and to serve requests.

On the VM I only manage to enable either serving requests or reaching the internet. I do not manage to enable both at the same time. I tried to follow plenty of tutorials on the internet but to no avail. I must be missing something.

My /etc/docker/daemon.json looks like this:

{
    "experimental": true,
    "fixed-cidr-v6": "fd00::/80",
    "ip6tables": true,
    "ipv6": true,
    "userland-proxy": false
}

With it, a directly started container can reach the internet. For instance, inside a fresh Debian container, using docker run --rm -it debian:bookworm bash, I can reach the internet, e.g. by apt update, apt install and curl or ping after that.

However, that does not suffice for my docker-compose setup to reach the internet.

The docker-compose.yml looks as follows:

version: "3.8"
services:
  broker:
    image: docker.io/library/redis:7
    restart: unless-stopped
    volumes:
      - redisdata:/data
    networks:
      - paperless-net

  db:
    image: docker.io/library/postgres:16
    restart: unless-stopped
    volumes:
      - /persistent-data/paperless-ngx/database:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: paperless
      POSTGRES_USER: paperless
      POSTGRES_PASSWORD: paperless
    networks:
      - paperless-net

  webserver:
    image: paperlessngx/paperless-ngx:latest
    restart: unless-stopped
    depends_on:
      - db
      - broker
    ports:
      - "[::]:24471:8000"
    healthcheck:
      test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - /persistent-data/paperless-ngx/data:/usr/src/paperless/data
      - /persistent-data/paperless-ngx/media:/usr/src/paperless/media
      - /persistent-data/paperless-ngx/export:/usr/src/paperless/export
      - /persistent-data/paperless-ngx/consume:/usr/src/paperless/consume
    env_file: docker-compose.env
    environment:
      PAPERLESS_REDIS: redis://broker:6379
      PAPERLESS_DBHOST: db
    networks:
      - paperless-net

networks:
  paperless-net:
    driver: bridge
    enable_ipv6: true
    ipam:
      driver: default
      config:
        - subnet: fd00:dead:beef::/80

volumes:
  redisdata:

With this configuration, it is possible to access the internet from the webserver. However, neither does curl -L http://paperless.my-domain.com work, nor curl -L http://localhost:24471. Weirdly, using the public IPv6 address directly does work: curl -L http://[2001:db8::1]:24471.

What would I have to do to enable ingress and egress in this scenario?

Upvotes: 0

Views: 50

Answers (1)

Max Görner

Reputation: 836

I ended up using the internal IPv6 address instead of localhost. I still do not understand why localhost does not work, but using the IPv6 address is fine enough in this case.

Thus, instead of

ProxyPass / http://localhost:24471/
ProxyPassReverse / http://localhost:24471/

I now use

ProxyPass / http://[fd00:0002::1]:24471/
ProxyPassReverse / http://[fd00:0002::1]:24471/

Of course, which address to use depends on your network setup.

Upvotes: 0
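The following is an added example, not part of the question or the answer: a small probe that resolves each name the way a client would and reports, per address, whether the port published as [::]:24471 accepts a TCP connection. It shows which of localhost, the internal address and the public address actually reach the container, and therefore whether the backend port is reachable without passing through the Apache proxy. The function names are hypothetical; the addresses and the port are the ones quoted in the posts.

```python
import socket

def resolve(host, port):
    """Return the (family, address) pairs the resolver offers for host, in order."""
    seen = []
    for family, _, _, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        entry = ("IPv6" if family == socket.AF_INET6 else "IPv4", sockaddr[0])
        if entry not in seen:
            seen.append(entry)
    return seen

def can_connect(address, port, timeout=2.0):
    """True if a TCP handshake to address:port completes within timeout."""
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((address, port))
        return True
    except OSError:
        # Refused, unreachable, timed out, or address family not available.
        return False

def probe(targets, port, timeout=2.0):
    """Probe every address each target resolves to; one result row per address."""
    rows = []
    for target in targets:
        try:
            candidates = resolve(target, port)
        except socket.gaierror:
            rows.append((target, None, None, False))
            continue
        for family, address in candidates:
            rows.append((target, family, address,
                         can_connect(address, port, timeout)))
    return rows

if __name__ == "__main__":
    # Targets taken from the posts above; replace them with your own addresses.
    targets = ["localhost", "127.0.0.1", "::1", "fd00:0002::1", "2001:db8::1"]
    for target, family, address, ok in probe(targets, 24471):
        state = "open" if ok else "closed/unreachable"
        print(f"{target:<14} {family or '-':<5} {address or 'unresolved':<16} {state}")
```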
